5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
9.5 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.0%
Package : curl
Version : 7.21.0-2.1+squeeze9
CVE ID : CVE-2014-3613
CVE-2014-3613
By not detecting and rejecting domain names for partial literal IP
addresses properly when parsing received HTTP cookies, libcurl can
be fooled to both sending cookies to wrong sites and into allowing
arbitrary sites to set cookies for others.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 7 | s390x | curl | < 7.26.0-1+wheezy10 | curl_7.26.0-1+wheezy10_s390x.deb |
Debian | 7 | kfreebsd-i386 | libcurl4-gnutls-dev | < 7.26.0-1+wheezy10 | libcurl4-gnutls-dev_7.26.0-1+wheezy10_kfreebsd-i386.deb |
Debian | 7 | mipsel | libcurl3-gnutls | < 7.26.0-1+wheezy10 | libcurl3-gnutls_7.26.0-1+wheezy10_mipsel.deb |
Debian | 7 | ia64 | libcurl3-gnutls | < 7.26.0-1+wheezy10 | libcurl3-gnutls_7.26.0-1+wheezy10_ia64.deb |
Debian | 6 | i386 | curl | < 7.21.0-2.1+squeeze9 | curl_7.21.0-2.1+squeeze9_i386.deb |
Debian | 7 | all | curl | < 7.26.0-1+wheezy10 | curl_7.26.0-1+wheezy10_all.deb |
Debian | 7 | armel | libcurl3-dbg | < 7.26.0-1+wheezy10 | libcurl3-dbg_7.26.0-1+wheezy10_armel.deb |
Debian | 6 | i386 | libcurl3-gnutls | < 7.21.0-2.1+squeeze9 | libcurl3-gnutls_7.21.0-2.1+squeeze9_i386.deb |
Debian | 7 | s390x | libcurl4-gnutls-dev | < 7.26.0-1+wheezy10 | libcurl4-gnutls-dev_7.26.0-1+wheezy10_s390x.deb |
Debian | 6 | all | curl | < 7.21.0-2.1+squeeze9 | curl_7.21.0-2.1+squeeze9_all.deb |